Search
Total
20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8432 | 1 Cmseasy | 1 Cmseasy | 2019-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter. | |||||
| CVE-2019-8363 | 1 Verydows | 1 Verydows | 2019-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value. | |||||
| CVE-2019-8361 | 1 Responsive Video News Script Project | 1 Responsive Video News Script | 2019-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection. | |||||
| CVE-2018-6906 | 1 Rainmachine | 1 Rainmachine Web Application | 2019-02-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API. | |||||
| CVE-2018-13403 | 1 Atlassian | 1 Jira | 2019-02-14 | 3.5 LOW | 5.4 MEDIUM |
| The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard. | |||||
| CVE-2019-6589 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2019-02-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting (XSS) vulnerability is present in an undisclosed page of the BIG-IP TMUI (Traffic Management User Interface) also known as the BIG-IP configuration utility. | |||||
| CVE-2019-7742 | 1 Joomla | 1 Joomla\! | 2019-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector. | |||||
| CVE-2019-7740 | 1 Joomla | 1 Joomla\! | 2019-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector. | |||||
| CVE-2019-7741 | 1 Joomla | 1 Joomla\! | 2019-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS. | |||||
| CVE-2019-7744 | 1 Joomla | 1 Joomla\! | 2019-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability. | |||||
| CVE-2015-7520 | 1 Apache | 1 Wicket | 2019-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a <input> element. | |||||
| CVE-2019-8334 | 1 Schoolcms | 1 Schoolcms | 2019-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&viewid=[XSS]. | |||||
| CVE-2019-8335 | 1 Schoolcms | 1 Schoolcms | 2019-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&id=[XSS]. | |||||
| CVE-2019-7748 | 1 Dbninja | 1 Dbninja | 2019-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| _includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if _users/admin/tasks.php exists. | |||||
| CVE-2019-7693 | 1 Axiositalia | 1 Registro Elettronico | 2019-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the RELogOff.aspx Error_Parameters parameter. In some situations, the XSS would be on the family.axioscloud.it cloud service; however, the vendor also supports "Sissi in Rete (con server)" for offline operation. | |||||
| CVE-2015-4540 | 1 Emc | 1 Rsa Identity Management And Governance | 2019-02-12 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 6.8.1 P18 and 6.9.x before 6.9.1 P6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-5347 | 1 Apache | 1 Wicket | 2019-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 might allow remote attackers to inject arbitrary web script or HTML via a ModalWindow title. | |||||
| CVE-2019-7753 | 1 Verydows | 1 Verydows | 2019-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Verydows 2.0 has XSS via the index.php?m=api&c=stats&a=count referrer parameter. | |||||
| CVE-2019-3923 | 1 Tenable | 1 Nessus | 2019-02-12 | 3.5 LOW | 5.4 MEDIUM |
| Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser session. Tenable has released Nessus 8.2.2 to address this issue. | |||||
| CVE-2015-3012 | 3 Debian, Kogmbh, Owncloud | 3 Debian Linux, Webodf, Owncloud | 2019-02-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) javascript or (4) data URI. | |||||
| CVE-2018-12241 | 1 Symantec | 1 Security Analytics | 2019-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and target SA web UI users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious JavaScript code into the SA web UI client application. | |||||
| CVE-2019-7677 | 1 Enphase | 1 Envoy | 2019-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888. | |||||
| CVE-2018-20778 | 1 Frog Cms Project | 1 Frog Cms | 2019-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element. | |||||
| CVE-2018-20774 | 1 Frog Cms Project | 1 Frog Cms | 2019-02-11 | 3.5 LOW | 5.4 MEDIUM |
| Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field. | |||||
| CVE-2018-20777 | 1 Frog Cms Project | 1 Frog Cms | 2019-02-11 | 3.5 LOW | 5.4 MEDIUM |
| Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field. | |||||
| CVE-2013-1937 | 1 Phpmyadmin | 1 Phpmyadmin | 2019-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this is "not exploitable." | |||||
| CVE-2019-7545 | 1 Dbninja | 1 Dbninja | 2019-02-08 | 3.5 LOW | 5.4 MEDIUM |
| In DbNinja 3.2.7, the Add Host function of the Manage Hosts pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name field. | |||||
| CVE-2019-7544 | 1 Mywebsql | 1 Mywebsql | 2019-02-07 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in MyWebSQL 3.7. The Add User function of the User Manager pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name Field. | |||||
| CVE-2018-17193 | 1 Apache | 1 Nifi | 2019-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. Mitigation: The fix to correctly parse and sanitize the request attribute value was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | |||||
| CVE-2015-3361 | 1 Linkit Project | 1 Linkit | 2019-02-07 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Linkit module before 7.x-2.7 and 7.x-3.x before 7.x-3.3 for Drupal, when the node search plugin is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a node title. | |||||
| CVE-2019-7567 | 1 Bijiadao | 1 Waimai Super Cms | 2019-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member&a=adminaddsave has XSS via the username or password parameter. | |||||
| CVE-2018-1000998 | 1 Freebsd | 1 Cvsweb | 2019-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVSweb is anonymous & read-only. It might impact other sites on same domain. This attack appears to be exploitable via victim must load specially crafted url. This vulnerability appears to have been fixed in 3.x. | |||||
| CVE-2019-7543 | 1 Kindsoft | 1 Kindeditor | 2019-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability. | |||||
| CVE-2019-7546 | 1 Topnew | 1 Sidu | 2019-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in SIDU 6.0. The dbs parameter of the conn.php page has a reflected Cross-site Scripting (XSS) vulnerability. | |||||
| CVE-2019-7547 | 1 Topnew | 1 Sidu | 2019-02-07 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in SIDU 6.0. Because the database name is not strictly filtered, the attacker can insert a name containing an XSS Payload, leading to stored XSS. | |||||
| CVE-2018-20756 | 1 Modx | 1 Modx Revolution | 2019-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs. | |||||
| CVE-2018-20757 | 1 Modx | 1 Modx Revolution | 2019-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name. | |||||
| CVE-2018-20755 | 1 Modx | 1 Modx Revolution | 2019-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| MODX Revolution through v2.7.0-pl allows XSS via the User Photo field. | |||||
| CVE-2019-1000024 | 1 Opt-net | 1 Ng-netms | 2019-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting (XSS) vulnerability in /js/libs/jstree/demo/filebrowser/index.php page. The "id" and "operation" GET parameters can be used to inject arbitrary JavaScript which is returned in the page's response that can result in Cross-site scripting.This attack appear to be exploitable via network connectivity. | |||||
| CVE-2019-1000004 | 1 Jspmyadmin | 1 Jspmyadmin2 | 2019-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| yugandhargangu JspMyAdmin2 version 1.0.6 and earlier contains a Cross Site Scripting (XSS) vulnerability in sidebar and table data that can result in Database fields aren't properly sanitized and allow code injection (Cross-Site Scripting). This attack appears to be exploitable via the payload needs to be stored in the database and the victim must see the db value in question. | |||||
| CVE-2019-6591 | 1 F5 | 1 Big-ip Access Policy Manager | 2019-02-06 | 3.5 LOW | 5.4 MEDIUM |
| On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. | |||||
| CVE-2019-1000010 | 1 Phpipam | 1 Phpipam | 2019-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in 1.4. | |||||
| CVE-2019-7349 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. | |||||
| CVE-2019-7348 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (user.php) because proper filtration is omitted. | |||||
| CVE-2019-7344 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying any proper filtration. | |||||
| CVE-2019-7345 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 3.5 LOW | 4.8 MEDIUM |
| Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php. | |||||
| CVE-2019-7342 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omitted. | |||||
| CVE-2019-7341 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. | |||||
| CVE-2019-7343 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. | |||||
| CVE-2019-7340 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted. | |||||